From 206abfa5e895d554e365da7536e34f395eba971f Mon Sep 17 00:00:00 2001
From: vakarisz
Date: Tue, 4 Jan 2022 17:40:36 +0200
Subject: [PATCH] Agent: refactor a couple web_rce methods to static
---
 .../infection_monkey/exploit/elasticgroovy.py | 2 +-
 monkey/infection_monkey/exploit/struts2.py | 2 +-
 monkey/infection_monkey/exploit/web_rce.py | 26 ++++++++++---------
 3 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/monkey/infection_monkey/exploit/elasticgroovy.py b/monkey/infection_monkey/exploit/elasticgroovy.py
index 668bfb7c4..522c348b1 100644
--- a/monkey/infection_monkey/exploit/elasticgroovy.py
+++ b/monkey/infection_monkey/exploit/elasticgroovy.py
@@ -58,7 +58,7 @@ class ElasticGroovyExploiter(WebRCE):
 def get_open_service_ports(self, port_list, names):
 # We must append elastic port we get from elastic fingerprint module because It's not
 # marked as 'http' service
- valid_ports = super(ElasticGroovyExploiter, self).get_open_service_ports(port_list, names)
+ valid_ports = WebRCE.get_open_service_ports(self.host, port_list, names)
 if ES_SERVICE in self.host.services:
 valid_ports.append([ES_PORT, False])
 return valid_ports
diff --git a/monkey/infection_monkey/exploit/struts2.py b/monkey/infection_monkey/exploit/struts2.py
index b029f211f..8bf2c788b 100644
--- a/monkey/infection_monkey/exploit/struts2.py
+++ b/monkey/infection_monkey/exploit/struts2.py
@@ -39,7 +39,7 @@ class Struts2Exploiter(WebRCE):
 :param extensions: What subdirectories to scan. www.domain.com[/extension]
 :return: Array of url's to try and attack
 """
- url_list = super(Struts2Exploiter, self).build_potential_urls(ports)
+ url_list = WebRCE.build_potential_urls(self.host.ip_addr, ports)
 url_list = [self.get_redirected(url) for url in url_list]
 return url_list
diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py
index a8ce60a40..72d948c86 100644
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@@ -20,7 +20,7 @@ from infection_monkey.model import (
 MONKEY_ARG,
 POWERSHELL_HTTP_UPLOAD,
 RUN_MONKEY,
- WGET_HTTP_UPLOAD,
+ WGET_HTTP_UPLOAD, VictimHost,
 )
 from infection_monkey.network.tools import tcp_port_to_service
 from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
@@ -154,8 +154,10 @@ class WebRCE(HostExploiter):
 """
 raise NotImplementedError()
- def get_open_service_ports(self, port_list, names):
+ @staticmethod
+ def get_open_service_ports(victim_host: VictimHost, port_list, names): # noqa: F821
 """
+ :param victim_host: VictimHost object that exploiter is targeting
 :param port_list: Potential ports to exploit. For example _config.HTTP_PORTS
 :param names: [] of service names. Example: ["http"]
 :return: Returns all open ports from port list that are of service names
@@ -163,12 +165,12 @@ class WebRCE(HostExploiter):
 candidate_services = {}
 candidate_services.update(
 {
- service: self.host.services[service]
- for service in self.host.services
+ service: victim_host.services[service]
+ for service in victim_host.services
 if (
- self.host.services[service]
- and "name" in self.host.services[service]
- and self.host.services[service]["name"] in names
+ victim_host.services[service]
+ and "name" in victim_host.services[service]
+ and victim_host.services[service]["name"] in names
 )
 }
 )
@@ -216,10 +218,12 @@ class WebRCE(HostExploiter):
 logger.error("Host's exploitability check failed due to: %s" % e)
 return False
- def build_potential_urls(self, ports, extensions=None):
+ @staticmethod
+ def build_potential_urls(ip: str, ports, extensions=None):
 """
 Build all possibly-vulnerable URLs on a specific host, based on the relevant ports and
 extensions.
+ :param ip: IP address of the victim
 :param ports: Array of ports. One port is described as size 2 array: [port.no(int),
 isHTTPS?(bool)]
 Eg. ports: [[80, False], [443, True]]
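Review bot: The `# noqa: F821` on the new `get_open_service_ports` signature suppresses flake8's undefined-name check for `VictimHost`, yet the import hunk of this file adds that name to the `infection_monkey.model` import, so the suppression appears unnecessary and would hide a genuinely undefined name on that line later. I would drop the comment and write the import as two entries, `WGET_HTTP_UPLOAD,` and `VictimHost,` on separate lines, to match the one-name-per-line layout of the rest of the list. `port_list` and `names` stay unannotated next to the annotated `victim_host`; annotating them as well would keep the new signature consistent.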
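Review bot: `build_potential_urls` now takes `ip` as its first positional argument, but no hunk in this patch touches a caller inside `WebRCE`, so any remaining `self.build_potential_urls(ports, extensions)` call would bind `ports` to `ip` and `extensions` to `ports` for every exploiter that does not override the method. The call sites are outside the visible hunks, so this is inferred; please confirm they now pass `self.host.ip_addr` first. The `Struts2Exploiter` override in struts2.py still reads `self.host`, so it appears to keep the instance-method shape, which leaves one method name with two incompatible signatures across the hierarchy; aligning the override with the static signature, or documenting the difference in the docstring, would make that explicit. The docstring of this method continues past the end of the hunk.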
@@ -237,9 +241,7 @@ class WebRCE(HostExploiter):
 protocol = "https"
 else:
 protocol = "http"
- url_list.append(
- join(("%s://%s:%s" % (protocol, self.host.ip_addr, port[0])), extension)
- )
+ url_list.append(join(("%s://%s:%s" % (protocol, ip, port[0])), extension))
 if not url_list:
 logger.info("No attack url's were built")
 return url_list
@@ -329,7 +331,7 @@ class WebRCE(HostExploiter):
 :return: Array of ports: [[80, False], [443, True]] or False. Port always consists of [
 port.nr, IsHTTPS?]
 """
- ports = self.get_open_service_ports(ports, names)
+ ports = WebRCE.get_open_service_ports(self.host, ports, names)
 if not ports:
 logger.info("All default web ports are closed on %r, skipping", str(self.host))
 return False
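Review bot: Calling `WebRCE.get_open_service_ports(self.host, ports, names)` by class name bypasses subclass overrides: `ElasticGroovyExploiter.get_open_service_ports` (elasticgroovy.py hunk) appends `[ES_PORT, False]`, and before this change it was reached through `self.get_open_service_ports(ports, names)`. Unless that subclass also overrides the enclosing method, which the hunk does not show, the Elasticsearch port is no longer added to the list and the check is silently skipped for that service. A static method still dispatches through the instance, so `ports = self.get_open_service_ports(self.host, ports, names)` keeps the override in play, provided the override in elasticgroovy.py is changed to the same `(victim_host, port_list, names)` static signature. The enclosing function starts outside the hunk.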